On Our Radar

Amid Hacking Headaches, Twitter Begins Using Email Authentication

Amid a string of hackings this week, Twitter said it has begun using a new security protocol that will help reduce email-based abuse and ensure that emails coming from a Twitter.com address are authentic.

Continue Reading Below

The world’s No. 2 social network behind Facebook (FB) said on its official blog late Thursday that it is using a technology called DMARC that makes it “extremely unlikely” that copy-cat malicious emails will be sent to users.

“There’s no shortage of bad actors sending emails that appear to come from a Twitter.com address in order to trick you into giving away key details about your Twitter account, or other personal information, commonly called ‘phishing,’” Twitter said.

DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, builds on established authentication protocols to give email providers a way to block email from forged domains.

Twitter says it will lessen the risk that users mistakenly give away personal information to criminals and fraudsters.

The move comes as two corporate verified accounts – Burger King (BKW) and Chrysler’s Jeep -- were hijacked by hackers this week. In both cases, the accounts were rebranded, and the companies were claimed to be sold to competitors. Using offensive language, accusations about the unethical conduct of employees were made with links to videos and pictures.

Continue Reading Below

ADVERTISEMENT

A day after Burger King was attacked, Twitter issued a “friendly reminder” about password security, encouraging users to follow best practices for setting up passwords, which includes using at least 10 characters with both upper and lower case characters, numbers and symbols.

However, critics are calling for Twitter, which is used as a lighting-speed source for news gathering and serves as many brands’ face on social media, to adopt better security protocols for ensuring access to official accounts are blocked.

Google (GOOG), for example, offers a two-step verification process for its email that sends a text message with a code to a user if someone is trying to access their account from an unfamiliar computer.

Twitter called the DMARC security protocol young but said it is gaining “significant traction” in the email community with all four major email providers, AOL, Gmail, Outlook and Yahoo (YHOO) already on board.